PT-2026-35549

When an application is configured to use ApplicationPidFileWriter, a local attacker with write access to the PID file's location can corrupt one file on the host each time the application is started. Affected: Spring Boot 4.0.0–4.0.5 fix 4.0.6, 3.5.0–3.5.13 fix 3.5.14, 3.4.0–3.4.15 fix 3.4.16,...

Diskover Community Edition 跨站请求伪造漏洞

Diskover Community Edition is an open-source file manager developed by Diskover Data. Versions of Diskover Community Edition 2.3.5 and earlier contained a cross-site request forgeing vulnerability. This vulnerability arises from cross-site request forgery attacks, allowing remote attackers to...

EUVD-2026-25889

Cross Site Request Forgery vulnerability in diskoverdata diskover-community v.2.3.5. and before allows a remote attacker to escalate privileges and obtain sensitive information via the public/settingsprocess.php...

📄 V8 BigInt String Conversion Stress Test Conceptual Sandbox

This is a V8 Sandbox Escape vulnerability in BigInt::Allocate where buffers are shuffled outside the sandbox. The vulnerability allows for writes outside the boundaries of the allocated buffer within the sandbox outbound write by manipulating data during the MultiplyFFT process...

CVE-2026-38934

Cross Site Request Forgery vulnerability in diskoverdata diskover-community v.2.3.5. and before allows a remote attacker to escalate privileges and obtain sensitive information via the public/settingsprocess.php...

CVE-2026-38934

Cross Site Request Forgery vulnerability in diskoverdata diskover-community v.2.3.5. and before allows a remote attacker to escalate privileges and obtain sensitive information via the public/settingsprocess.php...

1000 Projects Portfolio Management System MCA 授权问题漏洞

The 1000 Projects Portfolio Management System MCA is an open-source combination management system developed by 1000 Projects. Version 1.0 of the 1000 Projects Portfolio Management System MCA has a vulnerability related to authorization. This vulnerability stems from improper handling of the...

CVE-2026-38934

CVE-2026-38934 affects diskoverdata diskover-community v2.3.5 and earlier. The issue is a Cross-Site Request Forgery vulnerability in public/settings_process.php that permits a remote attacker to escalate privileges and access sensitive information. The CVE details provide a high-severity impact ...

CVE-2026-38934

Cross Site Request Forgery vulnerability in diskoverdata diskover-community v.2.3.5. and before allows a remote attacker to escalate privileges and obtain sensitive information via the public/settingsprocess.php...

CVE-2026-7068

A vulnerability was identified in D-Link DIR-825 3.00b32. This affects the function NMBDprocess of the file sserver.c of the component nmbd. Such manipulation leads to buffer overflow. The attack can only be initiated within the local network. The exploit is publicly available and might be used...

CVE-2026-7068

CVE-2026-7068 affects D-Link DIR-825 (firmware 3.00b32) in the nmbd component, specifically NMBD_process in sserver.c, causing a buffer overflow. Impacted action is local-network based, with confidentiality/integrity/availability rated high by CVSS data; exploit maturity noted as PROOF-OF-CONCEPT...

CVE-2026-7058

A vulnerability has been found in 666ghj MiroFish up to 0.1.2. The impacted element is the function SimulationIPCClient.sendcommand of the file backend/app/services/simulationipc.py of the component Inter-Process Communication. Such manipulation leads to command injection. It is possible to launc...

EUVD-2026-25728

A vulnerability has been found in 666ghj MiroFish up to 0.1.2. The impacted element is the function SimulationIPCClient.sendcommand of the file backend/app/services/simulationipc.py of the component Inter-Process Communication. Such manipulation leads to command injection. It is possible to launc...

CVE-2026-7058

A vulnerability has been found in 666ghj MiroFish up to 0.1.2. The impacted element is the function SimulationIPCClient.sendcommand of the file backend/app/services/simulationipc.py of the component Inter-Process Communication. Such manipulation leads to command injection. It is possible to launc...

CVE-2026-7058 666ghj MiroFish Inter-Process Communication simulation_ipc.py SimulationIPCClient.send_command command injection

A vulnerability has been found in 666ghj MiroFish up to 0.1.2. The impacted element is the function SimulationIPCClient.sendcommand of the file backend/app/services/simulationipc.py of the component Inter-Process Communication. Such manipulation leads to command injection. It is possible to launc...

CVE-2026-7058

CVE-2026-7058 affects 666ghj MiroFish

angband

Angband - Kernel Exploit Framework A staged, modular framew...

PT-2026-35237

A vulnerability has been found in 666ghj MiroFish up to 0.1.2. The impacted element is the function SimulationIPCClient.send command of the file backend/app/services/simulation ipc.py of the component Inter-Process Communication. Such manipulation leads to command injection. It is possible to...

Insufficient Verification of Data Authenticity

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Insufficient Verification of Data Authenticity via the cron process. An attacker can cause untrusted events to be labeled as trusted system events by triggering isolated cron agent runs...

MAL-2026-3039 Malicious code in process-app-task (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8e9459ef3208e8a07fbb99a80ce6bc5f0a6b9c6511da51241bac7c034632b7e1 The package process-app-task was found to contain malicious code. Source: ghsa-malware e03db779eee12801bb79b31d14cb5519f499b54a039c4428b125a23c26a652...